Skip to content

Add PPL security setting documentation #777

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Aug 18, 2022
Merged

Add PPL security setting documentation #777

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
69 changes: 69 additions & 0 deletions docs/user/ppl/admin/security.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,69 @@
.. highlight:: sh

=================
Security Settings
=================

.. rubric:: Table of contents

.. contents::
:local:
:depth: 1

Introduction
============

User needs ``cluster:admin/opensearch/ppl`` permission to use PPL plugin. User also needs indices level permission ``indices:admin/mappings/get`` to get field mappings and ``indices:data/read/search*`` to search index.

Using Rest API
==============
**--INTRODUCED 2.1--**

Example: Create the ppl_role for test_user. then test_user could use PPL to query ``ppl-security-demo`` index.

1. Create the ppl_role and grand permission to access PPL plugin and access ppl-security-demo index::

PUT _plugins/_security/api/roles/ppl_role
{
"cluster_permissions": [
"cluster:admin/opensearch/ppl"
],
"index_permissions": [{
"index_patterns": [
"ppl-security-demo"
],
"allowed_actions": [
"indices:data/read/search*",
"indices:admin/mappings/get"
]
}]
}

2. Mapping the test_user to the ppl_role::

PUT _plugins/_security/api/rolesmapping/ppl_role
{
"backend_roles" : [],
"hosts" : [],
"users" : ["test_user"]
}


Using Security Dashboard
========================
**--INTRODUCED 2.1--**

Example: Create ppl_access permission and add to existing role

1. Create the ppl_access permission::

PUT _plugins/_security/api/actiongroups/ppl_access
{
"allowed_actions": [
"cluster:admin/opensearch/ppl"
]
}

2. Grant the ppl_access permission to ppl_test_role

.. image:: https://user-images.githubusercontent.com/2969395/185448976-6c0aed6b-7540-4b99-92c3-362da8ae3763.png
2 changes: 2 additions & 0 deletions docs/user/ppl/index.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,8 @@ The query start with search command and then flowing a set of command delimited

- `Plugin Settings <admin/settings.rst>`_

- `Security Settings <admin/security.rst>`_

- `Monitoring <admin/monitoring.rst>`_

* **Commands**
Expand Down